Hi all,
in the past days there have been a few releases of our archlinux-keyring
package, which contains the root trust of our distribution.
We have successfully switched to using keyringctl [1] to manage the
keyring. From now on all changes to the keyring are done via merge
requests towards the
initiative.
I see that my key has made it but the trust is only marginal:
[~]$ pacman -Q archlinux-keyring
archlinux-keyring 20220114-1
[~]$ pacman-key --list-sigs ain...@archlinux.org
gpg: Note: trustdb not writable
pub ed25519 2018-10-03 [SC] [expires: 2022-07-18
On Fri, Jan 14, 2022 at 09:12:37PM +0100, David Runge via arch-dev-public wrote:
> If you have gained more than or equal to three main key signatures for
> your new PGP key and the key as well as those signatures are already
> available in the keyring in [core] please rebuild all of your packages
>
